View Full Version : Improve the protection

30th July 2010, 11:33 PM

I have some suggestions to improve the current protection. It involves a complete restructure so activation/MD5 checks/stolen code is no longer used, as that is easily bypassed in UPX's loader, as I explained to you before.

1) The encryptor uses RC4/TEA/Blowfish/AES/another symmetric cipher
2) The user is given a custom EXE which is custom encrypted.
Each distribution uses a different key.
Keyfiles are used to decrypt the executable's PE section.
Decryption/encryption code is compiled into the application itself.
Only the key is done on my side.
3) The user puts a key into the application directory.
4) The key decrypts the code segments and reencrypts them on the fly.
5) If a user does not have a key, it is impossible to decrypt the PE sections.
OR if a key is not added, a bogus/wrong key is used. Thus decrypting the section wrong and causing BSODs or access violations.

Of course, the issue of trust presents its head, as stolen keys can be distributed, but they can be blacklisted too. Maybe a combination of activation/encryption can be used. I am planning on developing my solution based on this, as a practical exercise (and I am even open to sharing ideas/code/etc). Some commercial protections use this approach too, and had some success, since then the protection can only be cracked with a valid key, or years of bruteforcing.

2) worth the time to implement. this is part of the above point (time vs benefit)

Worth it since:
A) Reduces issues for legitimate users for Internet access
B) Maximises cracker's pain since they have to decrypt the algorithm. And with a suitable implementation (especially with Rijndael), will take a while.

As for implementation you will:
A) Need to implement code in your protector to add a new code section and make it the entrypoint.
B) Encrypt the old.
C) You could even encrypt resource sections.
D) Implement decryption code in that new code section, using CreateFile/ReadFile to read the keyfiles, since standard C routines will bloat your imports.

Thank you for your time.
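
The keyfile scheme in steps 1 to 5 above, as an added example that is not part of the original post: the packer side encrypts a section with a per-distribution key using TEA (one of the ciphers the post names) in counter mode, and the loader side decrypts it and refuses to continue on a wrong key instead of running garbage. The key values, the section bytes, the FNV-1a check value and all function names are assumptions made for the illustration.

```c
#include <stdint.h>
#include <string.h>

/* TEA block encryption: 64-bit block, 128-bit key, 32 rounds. */
static void tea_encrypt(uint32_t v[2], const uint32_t k[4]) {
    uint32_t v0 = v[0], v1 = v[1], sum = 0;
    for (int i = 0; i < 32; i++) {
        sum += 0x9E3779B9u;
        v0 += ((v1 << 4) + k[0]) ^ (v1 + sum) ^ ((v1 >> 5) + k[1]);
        v1 += ((v0 << 4) + k[2]) ^ (v0 + sum) ^ ((v0 >> 5) + k[3]);
    }
    v[0] = v0; v[1] = v1;
}

/* Counter mode from block 0: one call both encrypts and decrypts.
   Assumes each key protects a single section (no keystream reuse). */
static void section_crypt(uint8_t *buf, size_t len, const uint32_t key[4]) {
    for (size_t off = 0; off < len; off += 8) {
        uint32_t ctr[2] = { (uint32_t)(off / 8), 0 };
        uint8_t ks[8];
        tea_encrypt(ctr, key);
        memcpy(ks, ctr, 8);
        for (size_t i = 0; i < 8 && off + i < len; i++)
            buf[off + i] ^= ks[i];
    }
}

/* FNV-1a of the plaintext: catches a wrong key, it is not a MAC. */
static uint32_t fnv1a(const uint8_t *p, size_t len) {
    uint32_t h = 2166136261u;
    while (len--) { h ^= *p++; h *= 16777619u; }
    return h;
}

/* Loader side: decrypt in place; return 1 only if the check matches. */
int load_section(uint8_t *sec, size_t len, const uint32_t key[4], uint32_t expect) {
    section_crypt(sec, len, key);
    return fnv1a(sec, len) == expect;
}

/* Constructed demo: pack with one key, load with the right or a wrong one. */
int demo(int use_wrong_key) {
    const uint32_t dist_key[4] = { 0x11111111u, 0x22222222u, 0x33333333u, 0x44444444u };
    const uint32_t bad_key[4]  = { 0x11111111u, 0x22222222u, 0x33333333u, 0x44444445u };
    uint8_t sec[] = "constructed stand-in for .text bytes";
    uint32_t check = fnv1a(sec, sizeof sec);
    section_crypt(sec, sizeof sec, dist_key);   /* packer side */
    return load_section(sec, sizeof sec, use_wrong_key ? bad_key : dist_key, check);
}
int main(void) { return !(demo(0) == 1 && demo(1) == 0); }
```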

31st July 2010, 03:55 AM

Application that scans the user's computer and generates a hardware ID.
This ID is then entered into the site and added into the user's profile info (hidden and encrypted of course).

When the user downloads, the exe is automatically modified to only run on his hardware ID.

If the user changes hardware, the ID must be regenerated, readded to a profile and etcetera.

=X= Smasherx74 =X=
14th May 2015, 02:26 PM
This has been brought up. To see answer please: Search for the frickin' question before asking, it has most likely already been answered.

I'm a bit baffled at this. So what, did you find this thread on Google? Did you feel that what you said was so important that you had to make an account just to post it?

Even despite this thread being from 5 years ago, you still had the intent to tell someone what has been brought up (before 5 years ago?), and then you expect them to search something as broad as this and find an exact answer to this question? So what, should they search and find their own thread again?

I really can't comprehend why you would do this or what kind of person would put things together in their head then do this. I mean I understand I'm writing an essay on how I can't comprehend your actions but still you are just being completely insane.

14th May 2015, 04:40 PM
It's a bot. You can tell by the signature.

The OP was just one of mudlord's private muddles with squall about kissing zilmar's ass into adopting his UPX code anyway.